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CLAIMS 

What is claimed is: 

1 . In a network supporting virtual network connections associated with clients 
communicating through a first node, a method comprising: 

maintaining separate upstream routing policy information and downstream 
policy information at the first node, the upstream routing policy information being: 
used at the first node to identify a second node to forward upstream traffic 
received firom at least a first client communicating through the first node, the 
downstream routing policy information being used at the first node to forward 
downstream traffic received firom a node to at least the first client; and 

for traffic transmitted by the first client through the first node, preventing 
use of the downstream policy routing information to route the traffic and instead 
utihzing the upstream routing policy information in the first node to ensure 
forwarding of the traffic transmitted by the* first client firom the first node to the 
second node. ^ 

2. ' A method as in claim 1, wherein the traffic transmitted by the first client through 

the first node intended for receipt by a second cUent is forwarded to the second 
node. . 

3. A method as in claim 1 fiirther comprising: 

receiving a session initiation request fi-om a second client to establish a 
session to communicate through the first node; 

fi-om an address server, obtaining network address assignment information 
for the first client that generated the session initiation request, the assignment 
information including network address information to be used for identifying the 
second client; and 
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populating the downstream routing policy information at the first node to 
include the network address information identifying the second client. 

A method as in claim 3 further comprising: 

receiving a network message from the second client coupled to 
communicate through the first node, the network message intended for receipt by 
the first client; 

utilizing the upstream routing policy information in the first node to 
identify a path on which to forward the network message; and 

forwarding the network message from the first node along the path to the 
second node. 

A method as in claim 4 further comprising: 

based on routing policy information at the second node, establishing a ^ 
return path between the second node and the first node on which to forward the 
network messages to the first client through the first node. 

A method as in claim 1 further comprising: 

based on use of the upstream routing policy information and downstream 
policy information at the first node, establishing a VPN (Virtual Private Network) 
connection between the first node and the second node on which to forward traffic 
from the first client. 

A method as in claim 1, wherein the second node is part of a service provider 
network and the traffic between the first and second node is at least partly 
supported by a core network supporting a label switching protocol. 

A method as in claim 1, wherein the upstream routing policy information and 
downstream policy information at the first node are each half duplex VRFs 
(Virtual Routing and Forwarding Instances) supporting forwarding of network 
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messages generated by multiple clients communicating with each other through 
the first node and the second node. 

A method as jri claim 1 further comprising: 

at the second node, applying a target-specific packet processing technique 
to the traffic fi-om the first client forwarded through the second node. 

A method as in claim 1 further comprising: 

populating the downstream policy information at the first node with 
network address information of each new client associated with a given service 
supported by a corresponding service provider. , 

A method as in claim 10 further comprising: . , 

after the downstre^ policy infprrnation is populated in the first node for a 
new client, distributing the network address information populated in the 
downstream policy information at the first node to the second node via use of a 
notification message distributed according to a 'system routing protocol. ■ 

A method as in claim 1 1 , wherein the system routing protocol is based on BGP 
(Border Gateway Protocol).. 

A computer system at a first node of a network that at least partially supports a 
virtual network connection, the computer system comprising: 
a processor; 

a memory unit that stores instructions associated with ah application 
executed by the processor; 

a communication interface that supports communication with other nodes 
of the physical network; and 
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an interconnect coupling the processor, the memory unit, and the 
communication interface, enabling the computer system to execute the application 
and perform operations of: 

maintaining separate upstream routing policy information and 
downstream policy information at the first node, the upstream routing 
policy information being used at the first node to identify a second node to 
forward upstream traffic received from at least a first client 
communicating through the first node, the downstream routing policy 
information being used at the first node to forward downstream traffic 
received fi-om a node to at least the first client; and 

for traffic transmitted by the first client through the first node, 
' preventing use of the downstream policy routing information to route the 
traffic and instead utilizing the upstream routing policy information in the 
first node to ensure forwarding of the traffic transmitted by the first client 
from the first node to the second node. 

A computer system as in claim 13, wherein the traffic transmitted by the first 
client through the first node intended for receipt by a second client is forwarded to 
the second node. 

A computer system as in claim 13 that additionally performs operations of: 

receiving a session initiation request from a second client to establish a 

session to communicate through the first node; 

from an address server, obtaining network address assignment information 

for the first client that generated the session initiation request, the assignment 

information including network address information to be used for identifying the 

second client; and 

populating the upstream routing policy information at the first node to 

include the network address information identifying the second client. 
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A computer system as in claim 13 that additionally performs operations of: 

receiving a network message from the second client coupled to 
communicate through the first node, the network message intended for receipt by 
the first client; 

utilizing the downstream routing policy information in the first node to 
identify a path on which to forward the network message; and 

forwarding the network message from the first node along the path to the 
second node. 

A computer system as in claim 13 that additionally performs operations of: 

based on routing policy information at the second node, establishing a 
return path between the second node and the first node on which to forward the 
network messages to the first client through the first node. 

15 18. A computer system as in claim 13 that additionally performs operations of: 

based on use of the upstream routing policy information arid downstream 
policy information at the first node, establishing a VPN (Virtual Private Network) 
connection between the first node and the second node on which to forward traffic 
from the first client. . : ' 

20 

19. A computer system as in claim 13, wherein the second node is part of a service 
provider network and the traffic between the first and second node is at least 
partly supported by a core network supporting a label switching protocol. 

25 20. A computer system as in claim 13, wherein the upstream routing policy 

information and downstream policy information at the first node are each half 
duplex VRFs (Virtual Routing and Forwarding Instances) supporting forwarding 
of network messages generated by multiple clients communicating with each 
other through the first node and the second node. 
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A computer system as in claim 13 that additionally perforais operations of: 

at the second node, applying a target-specific packet processing technique 
to the traffic from the first client forwarded through the second node. 

A computer system as in claim 13 that additionally performs operations of: 
populating the downstream policy information at the first node with 
network address information of each new client associated with a given service 
supported by a corresponding service provider. 

A computer system as in claim 22 that additionally performs operations of: , 

after the downstream policy information is populated in the first node for a 
new client, distributing the network address information populated in the 
downstream policy information at the first node to the second node via use of a 
notification message distributed according to a system routing protocol. 

A computer system as in claim 23, wherein the system routing protocol is based, 
on BGP {Border Gateway Protocol). ' ; 

A computer system at a first node of a network that at least partially supports a 
virtual network connection^ the computer system comprising: 

means for maintaining separate upstream routing policy information and 
downstream policy information at the first node, the upstream routing policy 
information being used at the first node to identify a second node to forward 
upstream traffic received from at least a first client commvmicating through the 
first node, the downstream routing policy information being used at the first node 
to forward downstream traffic received from a node to at least the first client; and 

for traffic transmitted by the first client through the first node, means for 
preventing use of the downstream policy routing information to route the traffic 
and instead utilizing the upstream routing policy information in the first node to 
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ensure forwarding of the traffic transmitted by the first cUent fi-om the first node 
to the second node. 

A computer program product including a computer-readable medium having 
instructions stored thereon for processing data information, such that the 
instructions, when carried out by a processing device, enable the processing 
device to perform the steps of: 

maintaining separate upstream routing poUcy information and downstream 
policy information at the first node, the upstream routing policy information being 
used at the first node to identify a second node to forward upstream traffic 
received fi-om at least a first cUent communicating through the first node, the 
downstream routing policy information being used at the first node to forward 
downstream traffic received from a node to at least the first client; and 

for traffic transmitted by the first client through the first node, preventing 
use of the downstream policy routing information to route the traffic and instead 
utilizing the upstream routing policy information in the first node to ensure 
forwarding of the traffic transmitted by the first client from the first node to the 
second node. 



